AlmaLinux 2318

New updates for AlmaLinux have been issued, resolving multiple security issues. The batch includes bug fixes, enhancements, and security fixes for the Linux kernel, Grafana, mod_http2, and Firefox:

ALSA-2024:6997: kernel security update (Important)
ALSA-2024:2758: kernel security and bug fix update (Moderate)
ALSA-2024:5928: kernel security update (Important)
ALSA-2024:5363: kernel security update (Important)
ALSA-2024:4928: kernel security update (Moderate)
ALSA-2024:4583: kernel security update (Important)
ALSA-2024:4349: kernel security and bug fix update (Moderate)
ALSA-2024:3619: kernel security and bug fix update (Moderate)
ALSA-2024:3306: kernel security and bug fix update (Moderate)
ALSA-2024:6567: kernel security update (Moderate)
ALSA-2024:2394: kernel security, bug fix, and enhancement update (Important)
ALSA-2024:8617: kernel security update (Moderate)
ALSA-2024:8678: grafana security update (Important)
ALSA-2024:8680: mod_http2 security update (Low)
ALSA-2024:8729: firefox security update (Moderate)




ALSA-2024:6997: kernel security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)
* kernel: net/sched: act_mirred: don't override retval if we already lost the skb (CVE-2024-26739)
* kernel: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CVE-2024-26947)
* kernel: scsi: qla2xxx: Fix command flush on cable pull (CVE-2024-26931)
* kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer (CVE-2024-26930)
* kernel: scsi: qla2xxx: Fix double free of fcport (CVE-2024-26929)
* kernel: fork: defer linking file vma until vma is fully initialized (CVE-2024-27022)
* kernel: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (CVE-2024-26991)
* kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)
* kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)
* kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
* kernel: cpufreq: exit() callback is optional (CVE-2024-38615)
* kernel: ring-buffer: Fix a race between readers and resize checks (CVE-2024-38601)
* kernel: cppc_cpufreq: Fix possible null pointer dereference (CVE-2024-38573)
* kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)
* kernel: wifi: nl80211: Avoid address calculations via out of bounds array indexing (CVE-2024-38562)
* kernel: Input: cyapa - add missing input core locking to suspend/resume functions (CVE-2023-52884)
* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)
* kernel: wifi: mt76: replace skb_put with skb_put_zero (CVE-2024-42225)
* kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-6997.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:2758: kernel security and bug fix update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
* hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008, CVE-2024-25742, CVE-2024-25743)

Bug Fix(es):

* ffdhe* algorithms introduced in 0a2e5b909023 as .fips_allowed=1 lack pairwise consistency tests (JIRA:AlmaLinux-27009)
* mm/mglru: fix underprotected page cache (JIRA:AlmaLinux-29235)
* [EMR] [TBOOT OS] SUT could not go to S3 state with AlmaLinux 9.2 Tboot OS One CPU return -16 running BUSY (JIRA:AlmaLinux-29673)
* system hangs completely - NMI not possible (JIRA:AlmaLinux-30678)
* ice 0000:6f:00.0: PTP failed to get time (JIRA:AlmaLinux-30110)

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-2758.html




ALSA-2024:5928: kernel security update (Important)



AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: nftables: nft_set_rbtree skip end interval element from gc (CVE-2024-26581)
* kernel: netfilter: nft_limit: reject configurations that cause integer overflow (CVE-2024-26668)
* kernel: vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
* kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (CVE-2024-26855)
* kernel: x86/xen: Add some null pointer checking to smp.c (CVE-2024-26908)
* kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (CVE-2024-26925)
* kernel: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020)
* kernel: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019)
* kernel: netfilter: flowtable: validate pppoe header (CVE-2024-27016)
* kernel: netfilter: bridge: confirm multicast packets before passing them up the stack (CVE-2024-27415)
* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
* kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion (CVE-2024-35897)
* kernel: netfilter: validate user input for expected length (CVE-2024-35896)
* kernel: netfilter: complete validation of user input (CVE-2024-35962)
* kernel: ice: fix LAG and VF lock dependency in ice_reset_vf() (CVE-2024-36003)
* kernel: cxl/port: Fix delete_endpoint() vs parent unregistration race (CVE-2023-52771)
* kernel: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (CVE-2023-52880)
* kernel: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (CVE-2024-36025)
* kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
* kernel: crypto: bcm - Fix pointer arithmetic (CVE-2024-38579)
* kernel: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (CVE-2024-38544)
* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
* kernel: net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538)
* kernel: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (CVE-2024-39476)
* kernel: ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905)
* kernel: wifi: cfg80211: Lock wiphy in cfg80211_get_station (CVE-2024-40911)
* kernel: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CVE-2024-40912)
* kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914)
* kernel: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CVE-2024-40929)
* kernel: net: wwan: iosm: Fix tainted pointer delete in case of region creation fail (CVE-2024-40939)
* kernel: wifi: iwlwifi: mvm: don't read past the mfuart notification (CVE-2024-40941)
* kernel: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (CVE-2024-40957)
* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)
* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)
* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)
* kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041)
* kernel: NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076)
* kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (CVE-2024-42110)
* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-5928.html




ALSA-2024:5363: kernel security update (Important)



AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: phy: (CVE-2024-26600)
* kernel: netfilter: multiple flaws (CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005)
* kernel: cifs: (CVE-2024-26828)
* kernel: wifi: multiple flaws (CVE-2024-26897, CVE-2024-27052, CVE-2024-27049, CVE-2023-52651, CVE-2024-35789, CVE-2024-27434, CVE-2024-35845, CVE-2024-35937, CVE-2024-36941, CVE-2024-36922, CVE-2024-36921, CVE-2024-38575)
* kernel: nfs: (CVE-2024-26868)
* kernel: igc: (CVE-2024-26853)
* kernel: dmaengine/idxd: (CVE-2024-21823)
* kernel: ipv6: multiple flaws (CVE-2024-27417, CVE-2024-35969, CVE-2024-36903, CVE-2024-40961)
* kernel: vt: (CVE-2024-35823)
* kernel: efi: (CVE-2024-35800)
* kernel: mlxsw: (CVE-2024-35852)
* kernel: eeprom: (CVE-2024-35848)
* kernel: ice: (CVE-2024-35911)
* kernel: platform/x86: (CVE-2023-52864)
* kernel: i40e: (CVE-2024-36020)
* kernel: rtnetlink: (CVE-2024-36017)
* kernel: net: multiple flaws (CVE-2024-36929, CVE-2024-36971, CVE-2021-47606, CVE-2024-38558, CVE-2024-40928, CVE-2024-40954)
* kernel: ipvlan: (CVE-2024-33621)
* kernel: tcp: (CVE-2024-37356)
* kernel: virtio: (CVE-2024-37353)
* kernel: tls: (CVE-2024-36489)
* kernel: cxl/region: (CVE-2024-38391)
* kernel: bonding: (CVE-2024-39487)
* kernel: netns: (CVE-2024-40958)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-5363.html




ALSA-2024:4928: kernel security update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458)
* kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773)
* kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737)
* kernel: dm: call the resume method on internal suspend (CVE-2024-26880)
* kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)
* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
* kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046)
* kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030)
* kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857)
* kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907)
* kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885)
* kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809)
* kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459)
* kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924)
* kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)
* kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)
* kernel: epoll: be better about file lifetimes (CVE-2024-38580)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-4928.html




ALSA-2024:4583: kernel security update (Important)



AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
* kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (CVE-2021-47548)
* kernel: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (CVE-2021-47596)
* kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)
* kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (CVE-2023-52638)
* kernel: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783)
* kernel: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (CVE-2024-26858)
* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
* kernel: nvme: fix reconnection fail due to reserved tag allocation (CVE-2024-27435)
* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)
* kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904)
* kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (CVE-2024-38543)
* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
* kernel: net: micrel: Fix receiving the timestamp in the frame for lan8841 (CVE-2024-38593)
* kernel: netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270)
* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)
* kernel: blk-cgroup: fix list corruption from resetting io stat (CVE-2024-38663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-4583.html




ALSA-2024:4349: kernel security and bug fix update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626)
* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)
* kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)
* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)
* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)
* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)

Bug Fix(es):

* cifs - kernel panic with cifs_put_smb_ses (JIRA:AlmaLinux-28943)
* BUG: unable to handle page fault for address: ff16bf752f593ff8 [almalinux-9.4.z] (JIRA:AlmaLinux-35672)
* [HPE 9.4 Bug] Request merge of AMD address translation library patch series [almalinux-9.4.z] (JIRA:AlmaLinux-36220)
* [AlmaLinux9] kernel BUG at lib/list_debug.c:51! [almalinux-9.4.z] (JIRA:AlmaLinux-36687)
* ice: DPLL-related fixes [almalinux-9.4.z] (JIRA:AlmaLinux-36716)
* CNB95: net/sched: update TC core to upstream v6.8 [almalinux-9.4.z] (JIRA:AlmaLinux-37641)
* IPv6: SR: backport fixes from upstream [almalinux-9.4.z] (JIRA:AlmaLinux-37669)
* [RFE] Backport tmpfs noswap mount option [almalinux-9.4.z] (JIRA:AlmaLinux-38252)
* Isolated cores causing issues on latest AlmaLinux9.4 kernel and not functioning as desired. [almalinux-9.4.z] (JIRA:AlmaLinux-38595)
* [ice] Add automatic VF reset on Tx MDD events [almalinux-9.4.z] (JIRA:AlmaLinux-39083)
* [HPEMC AlmaLinux 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [almalinux-9.4.z] (JIRA:AlmaLinux-34953)
* bnx2x: fix crashes in PCI error handling, resource leaks [almalinux-9.4.z] (JIRA:AlmaLinux-43272)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-4349.html




ALSA-2024:3619: kernel security and bug fix update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-3619.html




ALSA-2024:3306: kernel security and bug fix update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)
* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
* kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)
* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-3306.html




ALSA-2024:6567: kernel security update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629)
* kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630)
* kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)
* kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886)
* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)
* kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791)
* kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797)
* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)
* kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)
* kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801)
* kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)
* kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019)
* kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619)
* kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979)
* kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559)
* kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927)
* kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936)
* kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040)
* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)
* kernel: mm: prevent dereferencing NULL ptr in pfn_section_valid() (CVE-2024-41055)
* kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
* kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082)
* kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096)
* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)
* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
* kernel: nvme: avoid double free special payload (CVE-2024-41073)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-6567.html




ALSA-2024:2394: kernel security, bug fix, and enhancement update (Important)



AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)
* kernel: multiple use-after-free vulnerabilities (CVE-2024-1086, CVE-2023-3567, CVE-2023-4133, CVE-2023-6932, CVE-2023-39198, CVE-2023-51043, CVE-2023-51779, CVE-2023-51780, CVE-2024-1085, CVE-2024-26582)
* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
* kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion (CVE-2022-0480)
* kernel: multiple NULL pointer dereference vulnerabilities (CVE-2022-38096, CVE-2023-6622, CVE-2023-6915, CVE-2023-42754, CVE-2023-46862, CVE-2023-52574, CVE-2024-0841, CVE-2023-52448)
* kernel: integer overflow in l2cap_config_req() in net/bluetooth/l2cap_core.c (CVE-2022-45934)
* kernel: netfilter: nf_tables: out-of-bounds access in nf_tables_newtable() (CVE-2023-6040)
* kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF (CVE-2023-6531)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)
* kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses (CVE-2023-24023)
* kernel: irdma: Improper access control (CVE-2023-25775)
* kernel: double free in hci_conn_cleanup of the bluetooth subsystem (CVE-2023-28464)
* kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c (CVE-2023-28866)
* kernel: race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in hci_uart_tty_ioctl (CVE-2023-31083)
* kernel: multiple out-of-bounds read vulnerabilities (CVE-2023-37453, CVE-2023-39189, CVE-2023-39193, CVE-2023-6121, CVE-2023-39194)
* kernel: netfilter: race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP (CVE-2023-42756)
* kernel: lib/kobject.c vulnerable to fill_kobj_path out-of-bounds write (CVE-2023-45863)
* kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)
* kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)
* kernel: multiple memory leak vulnerabilities (CVE-2023-52529, CVE-2023-52581)
* kernel: net: bridge: data races in br_handle_frame_finish() (CVE-2023-52578)
* kernel: net/core: kernel crash in ETH_P_1588 flow dissector (CVE-2023-52580)
* kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: tls: race between async notify and socket close (CVE-2024-26583)
* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)
* kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)
* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
* kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)
* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)
* kernel: netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-26609)
* kernel: local DoS vulnerability in scatterwalk_copychunks (CVE-2023-6176)
* kernel: perf/x86/lbr: Filter vsyscall addresses (CVE-2023-52476)
* kernel: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
* kernel: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-2394.html




ALSA-2024:8617: kernel security update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)
* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)
* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)
* kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)
* kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)
* kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383)
* kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)
* kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)
* kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504)
* kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904)
* kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)
* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)
* kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972)
* kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977)
* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)
* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)
* kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005)
* kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013)
* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)
* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8617.html




ALSA-2024:8678: grafana security update (Important)


AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-11-03

Summary:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8678.html




ALSA-2024:8680: mod_http2 security update (Low)


AlmaLinux: 9
Type: Security
Severity: Low
Release date: 2024-10-31

Summary:

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.

Security Fix(es):

* mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8680.html




ALSA-2024:8729: firefox security update (Moderate)


AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-03

Summary:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)
* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)
* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)
* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)
* firefox: thunderbird: Clipboard "paste" button persisted across tabs (CVE-2024-10465)
* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)
* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)
* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)
* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8729.html

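The messages above all follow one fixed layout (title line with advisory ID and severity, an "AlmaLinux: N" release field, a "* ... (CVE-...)" fix list, and an errata URL), which makes a digest like this one easy to turn into a CVE-to-advisory lookup and a per-host patch list. The Python below is an added example, not code from the AlmaLinux project or from these notifications. The embedded sample is constructed from three of the messages above, trimmed to the fields the parser reads; the "reboot required" flag on kernel advisories is this example's own assumption (a replaced kernel is only in effect after boot, so its CVEs stay exposed until then), and `dnf update --advisory=<ID>` is the standard dnf option for installing the packages of one advisory.

```python
"""Parse an AlmaLinux errata digest (the mail format above) into structured
advisories: which advisory fixes a given CVE, and which apply to this host."""
import re
from dataclasses import dataclass, field

# Constructed sample: three messages from the digest, trimmed to the fields the
# parser reads; IDs, severities, releases, URLs and CVEs are as on the page.
SAMPLE_DIGEST = """\
ALSA-2024:8617: kernel security update (Moderate)

AlmaLinux: 9
Severity: Moderate
Release date: 2024-11-03

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)
* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)
* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8617.html

ALSA-2024:8678: grafana security update (Important)

AlmaLinux: 9
Severity: Important
Release date: 2024-11-03

* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8678.html

ALSA-2024:8729: firefox security update (Moderate)

AlmaLinux: 8
Severity: Moderate
Release date: 2024-11-03

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)
* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8729.html
"""

HEADER_RE = re.compile(r"^(ALSA-\d{4}:\d+): (\S+) .*\((Low|Moderate|Important|Critical)\)$")
RELEASE_RE = re.compile(r"^AlmaLinux: (\d+)$")
CVE_RE = re.compile(r"\((CVE-\d{4}-\d{4,})\)$")  # the CVE id is the last bracketed token
URL_RE = re.compile(r"https://errata\.almalinux\.org/\S+")
SEVERITY_RANK = {"Low": 0, "Moderate": 1, "Important": 2, "Critical": 3}

@dataclass
class Advisory:
    id: str
    package: str        # first word of the title: kernel, grafana, mod_http2, ...
    severity: str
    release: str = ""   # AlmaLinux major version the advisory targets
    cves: list = field(default_factory=list)
    url: str = ""

def parse_digest(text):
    """Split the digest on advisory title lines and collect each block's fields.
    A digest's index repeats every title, so blocks are merged by advisory ID."""
    advisories, by_id, current = [], {}, None
    for line in map(str.rstrip, text.splitlines()):
        if m := HEADER_RE.match(line):
            aid = m.group(1)
            if aid not in by_id:
                by_id[aid] = Advisory(aid, m.group(2), m.group(3))
                advisories.append(by_id[aid])
            current = by_id[aid]
        elif current is None:
            continue  # preamble before the first advisory title
        elif m := RELEASE_RE.match(line):
            current.release = m.group(1)
        elif line.startswith("* ") and (m := CVE_RE.search(line)):
            if m.group(1) not in current.cves:
                current.cves.append(m.group(1))
        elif m := URL_RE.search(line):
            current.url = m.group(0)
    return advisories

def advisories_for_cve(advisories, cve):
    """IDs of every advisory whose fix list names `cve` (empty if none does)."""
    return [a.id for a in advisories if cve in a.cves]

def triage(advisories, release, minimum="Moderate"):
    """Advisories for this host's release at or above `minimum`, most severe first."""
    floor = SEVERITY_RANK[minimum]
    hits = [a for a in advisories
            if a.release == release and SEVERITY_RANK[a.severity] >= floor]
    return sorted(hits, key=lambda a: (-SEVERITY_RANK[a.severity], a.id))

def dnf_commands(advisories, release, minimum="Moderate"):
    """One `dnf update --advisory=<ID>` line per applicable advisory. Kernel
    advisories are flagged because the fixed kernel only runs after a reboot
    (assumption: no live patching), so its CVEs stay exposed until then."""
    return [f"dnf update --advisory={a.id}"
            + ("  # reboot required" if a.package == "kernel" else "")
            for a in triage(advisories, release, minimum)]
```

Feed the saved mail body to parse_digest() and call dnf_commands(advs, "9") on an AlmaLinux 9 host; the firefox advisory (AlmaLinux 8) drops out of the list, the Important grafana advisory sorts ahead of the Moderate kernel one, and the index at the top of the digest does not produce duplicate entries. The fixed package versions themselves are not in the mail, so confirm them at the errata URL stored in each Advisory.url before closing the ticket.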